Difference between revisions of "Netwerk draadloos handleidinglinux"

m (SuSE 10.1 [en de][and the] KNetworkManager)
 
(39 intermediate revisions by 11 users not shown)
Line 1: Line 1:
== [Draadloze netwerkinstellingen voor Linux][Wireless network settings for Linux] ==
+
= [Draadloze netwerkinstellingen voor Linux][Wireless network settings for Linux] =
 
+
[en]
=== [Algemeen][General] ===
+
Notes from a student for
 +
[/en]
 +
[nl]
 +
Enkele notities van een student voor (beide in het Engels)
 +
[/nl]
 +
* [[Overleg gebruiker:Gmulder/WLAN/wpa supplicant|wpa_supplicant]]
 +
* [[Overleg gebruiker:Gmulder/WLAN/NetworkManager|NetworkManager]]
  
 +
== [wpa_supplicant instellingen][wpa_supplicant settings] ==
 
[nl]
 
[nl]
# '''Certificaat''':Tot begin 2007 moest eerst het C&CZ root-certificaat geimporteerd worden. Dit hoeft nu niet meer, omdat C&CZ via SURFnet een GlobalSign certificaat gekocht heeft dat standaard vertrouwd wordt (met Certificate Authority "GTE CyberTrust Global Root").
+
Voor de meeste linux varianten geldt dat je een draadloze connectie kunt opzetten met behulp van wpa_supplicant.  
# '''wpa_supplicant instellingen''': Voor de meeste linux varianten geldt dat je een draadloze connectie kunt opzetten met behulp van wpa_supplicant.  
+
Het volgende werkt met network-manager en wpa_supplicant geinstalleerd. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>) Ik neem aan dat dit ook kan met KDE, etc.  
Het volgende werkt met network-manager en wpa_supplicant geinstalleerd. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>) Ik neem aan dat dit ook kan met KDE, etc. In de taakbalk zie je een applet rechts voor het netwerk. Klik op het icoontje, de aanwezige draadloze netwerken verschijnen. Klik op 'Science'. Je krijgt dan een invul-formulier. Vul de volgende velden in:
+
# In de taakbalk zie je een applet rechts voor het netwerk.  
 
+
# Klik op het icoontje, de aanwezige draadloze netwerken verschijnen.  
 +
# Klik op 'Science'. Je krijgt dan een invul-formulier. Vul de volgende velden in:
 +
[/nl]
 +
[en]
 +
For  most linux distributions you can set up a wireless connection using wpa_supplicant.
 +
The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>). I assume it also works for KDE, etc.
 +
# In the task bar you will see an applet for the network on the right side.
 +
# Click on the icon, then the available wireless networks will appear.
 +
# Click on 'Science'. You will get a form. Fill in the following fields:
 +
[/en]
 
  Wireless security: WPA-enterprise
 
  Wireless security: WPA-enterprise
 
  EAP method: PEAP
 
  EAP method: PEAP
 
  Key-type: automatic
 
  Key-type: automatic
  Identity: (FNWI username)
+
  Identity: (Science username)
  Password: (FNWI password)
+
  Password: (Science password)
  CA certificate file: /etc/cacert.pem of waar de standaard certificate bundel ook mag staan op je PC.
+
  CA certificate file: /etc/cacert.pem <- [Pas dit aan naar de certificaat-bundel voor je eigen systeem][Modify this to the certificate bundle for your own system]
 +
# [Je kunt de certificaatbundel voor je eigen distributie vinden in][You can find the certificate bundle for your distribution here]:
 +
** '''SUSE:''' /etc/cacert.pem
 +
** '''Ubuntu:''' /etc/ssl/certs/ca.pem  ([Zie ook][Also see]: [[#Ubuntu Gutsy Gibbon]])
 +
** '''Gentoo:''' /etc/ssl/certs/ca-certificates.crt
 +
 
 +
[nl]
 +
# Klik op "Login to network". Wacht even en de verbinding wordt gemaakt.  Als dat niet mocht werken, kan het ook door een bestand wpa_supplicant.conf te maken met de volgende inhoud:
 +
[/nl]
 +
[en]
 +
# Click "Login to network". Wait a moment and the connection will be established.  If that doesn't work you can make a file wpa_supplicant.conf with the following content:
 +
[/en]
  
Klik: Login to network. Wacht even en de verbinding wordt gemaakt.  Als dat niet mocht werken, kan het ook door een bestand wpa_supplicant.conf te maken met de volgende inhoud:
 
 
 
  ctrl_interface=/var/run/wpa_supplicant
 
  ctrl_interface=/var/run/wpa_supplicant
 
  network={
 
  network={
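Review bot: the added "CA certificate file: /etc/cacert.pem" line and the SUSE/Ubuntu/Gentoo list point the form at a whole certificate bundle, while the removed "Certificaat" item was the only text in this part of the page that named the issuing CA ("GTE CyberTrust Global Root"). With a full bundle and nothing else, a certificate issued by any CA in that bundle is accepted for the 'Science' SSID. Suggest keeping the name of the expected CA next to the bundle paths, and adding the RADIUS server name users should expect if one can be published.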
Line 25: Line 50:
 
   pairwise=TKIP
 
   pairwise=TKIP
 
   identity="username"
 
   identity="username"
   password="wachtwoord"
+
   password="password"
   ca_cert="/etc/cacert.pem of waar de standaard certificate bundel ook mag staan op je PC"
+
   ca_cert="/etc/cacert.pem <- [Pas dit aan naar de certificaat-bundel voor je eigen systeem, zie hierboven][Modify this to the certificate bundle for your own system, see above]
 
   phase2="auth=MSCHAPV2"
 
   phase2="auth=MSCHAPV2"
 
  # priority=10
 
  # priority=10
 
  }
 
  }
 
Vervang hierin username en wachtwoord door je eigen username en wachtwoord. Plaats dit in de directory waar de networkscripts staan (voor SUSE in /etc/sysconfig/network, voor ubuntu in /etc/network) Voeg de volgende regel toe aan je ifcfg file voor je wireless interface met natuurlijk het juiste pad als je geen SUSE gebruikt.
 
  
WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'
+
[nl]
 +
# Vervang hierin 'username' en 'password' door je eigen username en wachtwoord (Laat de aanhalingstekens staan). Plaats dit in de directory waar de netwerkscripts staan:
 
[/nl]
 
[/nl]
 +
[en]
 +
# Make sure to change 'username' and 'password' to your own username and password (keep the quotes). Move this file to the network script directory:
 +
[/en]
  
 +
* '''SUSE:''' /etc/sysconfig/network/wpa_supplicant.conf
 +
* '''Ubuntu:''' /etc/network/wpa_supplicant.conf
 +
* '''Gentoo:''' /etc/wpa_supplicant/wpa_supplicant.conf
 +
 +
[nl]
 +
Voeg de volgende regel toe aan je ifcfg file voor je wireless interface (Pas het pad aan voor je eigen distibutie).
 +
[/nl]
 
[en]
 
[en]
# '''Certificate''': Until early 2007 one had to import the C&CZ root-certificate. This is no longer necessary, because C&CZ bought though SURFnet a GlobalSign certificate, which is trusted normally (with Certificate Authority "GTE CyberTrust Global Root").
+
Add the next line to your ifcfg file for your wireless interface. (Don't forget to modify the path for your own distribution).
# '''wpa_supplicant settings''': For  most linux distributions you can set up a wireless connection using wpa_supplicant.
+
[/en]
The following works with Ubuntu-dapper with gnome, and network-manager and wpasupplicant installed. (<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>). I assume it also works for KDE, etc. In the task bar you will see an applet for the network on the right side. Click on the icon, then the available wireless networks will appear. Click on 'Science'. You will get a form. Fill in the following fields:
 
  
  Wireless security: WPA-enterprise
+
  WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'
EAP method: PEAP
 
Key-type: automatic
 
Identity: (FNWI username)
 
Password: (FNWI password)
 
CA certificate file: browse to cacert.crt, or where the standard certificate bundle may be on your computer.
 
Click: Login to network. Wait a moment and the connection will be established.  If that doesn't work you can make a file wpa_supplicant.conf with the contents:
 
 
ctrl_interface=/var/run/wpa_supplicant
 
network={
 
  ssid="Science"
 
  proto=WPA
 
  key_mgmt=WPA-EAP
 
  eap=PEAP
 
  pairwise=TKIP
 
  identity="username"
 
  password="password"
 
  ca_cert="/etc/certs/ca.pem or where the standard certificate bundle may be on your computer"
 
  phase2="auth=MSCHAPV2"
 
# priority=10
 
}
 
 
Change in this file username and password to your own username and password. Move this file to the directory where network script can be found (for SUSE this is /etc/sysconfig/network, for Ubuntu it is /etc/network). Add the next line to your ifcfg file for your wireless interface. Of course you have to change the directory if you don't use SUSE.
 
  
WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'
+
== Network Manager[instellingen][settings] ==
 +
[nl]
 +
Als je distributie is uitgerust met de nieuwe Network Manager, kun je deze ook gebruiken met de volgende instellingen:
 +
[/nl]
 +
[en]
 +
If your distribution supports the new Network Manager, you can connect to the Science network with the following settings:
 
[/en]
 
[/en]
  
=== '''Ubuntu Gutsy Gibbon''' ===
+
'''[Algemene instellingen][General settings]'''
 +
Connection name: RU Science
 +
Connect Automatically: [Aanvinken/Ja][Mark/yes]
 +
System setting: [Niet Aanvinken/Nee][Unmark/no]
 +
'''Wireless tab:'''
 +
SSID: Science  // [Let op: hoofdletter S][Note the capital S]
 +
Mode: Infrastructure
 +
BSSID: <[niet invullen][leave blank]>
 +
MAC adress: <[niet invullen][leave blank]>
 +
MTU: automatic
 +
'''Wireless Security tab:'''
 +
Security: WPA & WPA2 Enterprise
 +
Authentication: Protected EAP (PEAP)
 +
Anonymous identity: <[niet invullen][leave blank]>
 +
CA certificate: (none) // <[niet invullen][leave blank]>
 +
PEAP version: Version 0
 +
Inner authentication: MSCHAPv2
 +
Username: <[jouw][your]-science-login>
 +
Password: <[jouw][your]-science-[wachtwoord][password]> // [Leeg laten om te laten vragen bij verbinding maken][or leave blank to ask each time at connecting]
 +
'''IPv4 settings tab:'''
 +
Method: Automatic (DHCP)
 +
DHCP client ID: <[niet invullen][leave blank]>
  
 +
=== Wireless@RU ===
 
[nl]
 
[nl]
Controleer dat network-manager en wpasupplicant geinstalleerd zijn. (Zo niet dan:<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>
+
De Network Manager ondersteunt ook het Wireless@RU netwerk, gebruik hiervoor dezelfde instellingen als voor het 'Science' netwerk, maar verander:
Wanneer je Ubuntu 7.10 alias Gutsy Gibbon gebruikt gelden er iets andere spelregels dan hierboven.
+
[/nl]
Als eerste hoort de wpa_supplicant.conf file op de volgende plaats te staan:
+
[en]
/etc/network/wpa_supplicant.conf
+
Network manager also supports the Wireless@RU network.  Use the same settings as for the 'Science' network, but change:
 +
[/en]
 +
Connection name: Wireless@RU
 +
SSID: ru-wlan // [Alleen kleine letters][No capitals]
 +
Username: <Student/[Medewerker nummer][Employee number]> // eg: s0123456 [of][or] u123456
 +
Password: <RU-account [wachtwoord][password]> // [Leeg laten om te laten vragen bij verbinding maken][or leave blank to ask each time at connecting]
 +
 
 +
= [Afwijkingen voor specifieke distributies][Distributions specifics] =
 +
 
 +
 
 +
== Ubuntu 10.04 (Lucid Lynx) ==
 +
 
 +
This tutorial is for Ubuntu 10.04 (Lucid Lynx) but might also be applicable for other distributions using the NetworkManager. Click the networkmanager applet and select ru-wlan (or Science) to make the initial connection. Or, if you have already connected previously, right click the networkmanager applet, select Edit Connections, go to Wireless and select "Auto ru-wlan" or "Auto Science", then click Edit. In the pop-up window, go to Wireless Security and fill in the following:
  
Met daarin natuurlijk alles wat boven ook staat met een aanpassing wat betreft de locaties van de pem files:
+
'''Wireless Security'''
De ssl certificaten staan in de volgende directory:
+
Security: WPA & WPA2 Enterprise
  /etc/ssl/certs
+
Authentication: Tunneled TLS
Feitelijk staan hier alleen maar symlinks, deze verwijzen naar
+
Anonymous identity:         <leave empty>
  /usr/share/ca-certificates/<subdir>/<pem-file>
+
  CA certificate: /etc/ssl/certs/AddTrust_External_Root.pem
 +
Inner authentication:                 MSCHAPv2
 +
  Username: Your student number or personnel number (for example: s0123456) (or your Science username)
 +
Password: Your RU account password (or your Science password)
  
De /etc/ssl/certs directory bevat ook hashes van de pem files, deze hashes zijn voor efficient en snelle toegang.  Deze hashes zijn alleen symlinks naar de symlinks die al in de /etc/ssl/certs directory staan. Hieronder het commando om de hashes op nieuw te laten aanmaken wanneer je bijvoorbeeld certificaten toevoegt:
+
After this the WLAN should connect automatically. If there are any difficulties, more information can usually be gathered using the command "tail -f /var/log/syslog"
c_rehash ./
 
  
Als je wilt testen of alles in orde is kun je handmatig wpa_supplicant aanroepen als volgt:
+
== Arch Linux ==
/sbin/wpa_supplicant -i<interface> -c<configfile>
 
bijvoorbeeld:
 
/sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf
 
Dit zal veel output produceren, beeindig het programma tijdig met CTRL-C om alles leesbaar te houden. In de output kun je ongetwijfeld hints vinden over eventuele problemen.
 
Wanneer je als output ziet dat een bepaald certificaat niet kan worden geverifieerd dan ontbreekt er waarschijnlijk een (tussen) certificaat.
 
  
Als eerste is het belangrijk om te controleren of je de volgende 3 certificaten hebt:
+
Create a netctl profile "eduroam" in "/etc/netctl", with the following content:
  GTE_CyberTrust_Global_Root.pem  
+
  Description='Eduroam (RU, Nijmegen)'
  GTE_CyberTrust_Root_CA.pem
+
Interface=wls3                                # check your interface name with `ip link`
  sureserverEDU.pem
+
Connection=wireless
 +
Security=wpa-configsection
 +
  IP=dhcp
 +
  WPAConfigSection=(
 +
    'ssid="eduroam"'
 +
    'key_mgmt=WPA-EAP'
 +
    'eap=PEAP'
 +
    'pairwise=CCMP TKIP'
 +
    'anonymous_identity="anonymous@science.ru.nl"'
 +
    'identity="SCIENCE_USER@science.ru.nl"'  # change this
 +
    'password="YOUR_SECRET"'                  # change this
 +
    'ca_path="/etc/ssl/certs/"'
 +
    'ca_path2="/etc/ssl/certs/"'
 +
    'phase2="auth=MSCHAPV2"'
 +
  )
  
De eerste twee zou je al moeten hebben, de derde kan eventueel ontbreken. Deze is te downloaden op een van de volgende plaatsen:
+
You can start the profile with "netctl start eduroam". If you want, you can create a systemd service for it. See the archwiki: https://wiki.archlinux.org/index.php/Netctl#Automatic_operation
http://secure.globalsign.net/cacert/sureserverEDU.crt of
 
http://secure.globalsign.net/cacert/sureserverEDU.pem of
 
https://secure.globalsign.net/cacert/educational.crt
 
Waarmee er natuurlijk genoeg hints zijn om de andere files te vinden.
 
  
# '''Verbinding maken''':<br />
+
== Ubuntu Gutsy Gibbon ==
ifup eth1
 
of
 
root@localhost# ifconfig eth1 up
 
Waar je natuurlijk eth1 moet vervangen door je eigen interface.
 
  
# '''Debugging'''
+
[nl]
Wanneer je problemen hebt met de verbinding en er niet achter kunt komen wat het probleem is kun je altijd een van de volgende tools gebruiken:
+
Controleer dat network-manager en wpasupplicant geinstalleerd zijn. (Zo niet dan:<code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>
NetworkManager -DD
 
Levert een enorme berg output maar wel nuttig
 
wpa_supplicant -i<iface> -c<cfgfile>
 
Wederom veel output
 
nm-tool
 
Geeft de status van de NetworkManager managed devices weer, incl. wireless extensies en informatie wat dat betreft.
 
  
Indien je nm-applet in je ubuntu tray sterft, kun je hem proberen te reviven door
+
# Download certificaten altijd naar de map /usr/share/ca-certificates/<subdir>/<pem-file>
nm-applet
+
# Maak vervolgens een symlink aan in de /etc/ssl/certs directory:
direct aan te roepen als normale gebruiker (bijvoorbeeld via het uitvoeren menu).
 
 
[/nl]
 
[/nl]
 
 
[en]
 
[en]
 
Check that network-manager and wpasupplicant are installed. (If not: <code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>
 
Check that network-manager and wpasupplicant are installed. (If not: <code>sudo apt-get install wpasupplicant network-manager network-manager-gnome</code>
If you are a Ubuntu 7.10/Gutsy Gibbon user, there are some differences that could lead to trouble.
 
First, the wpa_supplicant.conf file is in a different location, hard to find if you have little experience looking for it:
 
/etc/network/wpa_supplicant.conf
 
  
The contents of the file are identical, with the exception of the directories where the certificate/pem files are located:
+
# When downloading a certificate, store it in /usr/share/ca-certificates/<subdir>/<pem-file>
The ssl certificates are to be found here:
+
# Then make a symlink in /etc/ssl/certs
  /etc/ssl/certs
+
[/en]
This directory actually contains symlinks only, linking to this directory:
+
  cd /etc/ssl/certs/<subdir>
  /usr/share/ca-certificates/<subdir>/<pem-file>
+
  sudo ln -s /usr/share/ca-certificates/<subdir>/<pem-file>
 +
 
 +
[nl]
 +
# De /etc/ssl/certs directory bevat ook hashes van de pem files, deze hashes zijn voor efficient en snelle toegang. Deze hashes zijn alleen symlinks naar de symlinks die al in de /etc/ssl/certs directory staan. Hieronder het commando om de hashes op nieuw te laten aanmaken wanneer je bijvoorbeeld certificaten toevoegt:
 +
[/nl]
 +
[en]
 +
# The /etc/ssl/certs directory also contains hashes of the pem files linked to (for quicker access). These hashes link to the pemfiles. Use this command to update all hashes, for example when you added a new pem file or deleted the hashes:
 +
[/en]
 +
sudo c_rehash ./
  
The /etc/ssl/certs directory also contains hashes of the pem files linked to. These hashes link to the pemfiles. Use this command to update all hashes, for example when you added a new pem file or deleted the hashes:
 
c_rehash ./
 
  
When you want to check wether everything is functioning properly you can use the following commands:
+
[nl]
 +
Als je wilt testen of alles in orde is kun je handmatig wpa_supplicant aanroepen als volgt
 +
[/nl]
 +
[en]
 +
To test if all is working correctly execute wpa_supplicant manually
 +
[/en]:
 
  /sbin/wpa_supplicant -i<interface> -c<configfile>
 
  /sbin/wpa_supplicant -i<interface> -c<configfile>
Example:
+
[bijvoorbeeld][for example]:
 
  /sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf
 
  /sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf
 +
[nl]
 +
Dit zal veel output produceren, beeindig het programma tijdig met CTRL-C om alles leesbaar te houden. In de output kun je ongetwijfeld hints vinden over eventuele problemen.
 +
Wanneer je als output ziet dat een bepaald certificaat niet kan worden geverifieerd dan ontbreekt er waarschijnlijk een (tussen) certificaat.
 +
Als eerste is het belangrijk om te controleren of je de volgende 3 certificaten hebt:
 +
[/nl]
 +
[en]
 
This will generate a large amount of output, make sure to terminate the program in time using CTRL-C to keep things readable. The output will most likely contain usefull hints about the problems.
 
This will generate a large amount of output, make sure to terminate the program in time using CTRL-C to keep things readable. The output will most likely contain usefull hints about the problems.
 
When the output tells you that a certain certificate cannot be verified, most likely you are missing a certificate or an in-between-certificate.
 
When the output tells you that a certain certificate cannot be verified, most likely you are missing a certificate or an in-between-certificate.
 +
First, check you have the following certificates:
 +
[/en]
  
First, check you have the following certificates:
+
  AddTrust External CA Root
GTE_CyberTrust_Global_Root.pem  
+
  UTN-USERFirst-Hardware
  GTE_CyberTrust_Root_CA.pem
+
  TERENA SSL CA
  sureserverEDU.pem
 
  
You should already have the first two, the last one can be found here:
+
[nl]
  http://secure.globalsign.net/cacert/sureserverEDU.crt or
+
De laatste twee zou je al moeten hebben, de eerste kan eventueel ontbreken. Deze is te downloaden op een van de volgende plaatsen
  http://secure.globalsign.net/cacert/sureserverEDU.pem or
+
[/nl]
 +
[en]
 +
You should already have the last two, the first one can be found here
 +
[/en]:
 +
  http://secure.globalsign.net/cacert/sureserverEDU.crt of
 +
  http://secure.globalsign.net/cacert/sureserverEDU.pem of
 
  https://secure.globalsign.net/cacert/educational.crt
 
  https://secure.globalsign.net/cacert/educational.crt
You need all three.
 
  
# '''Making a connection''':<br />
+
# '''[Verbinding maken][Making a connection]''':
 
  ifup eth1
 
  ifup eth1
or
+
[of][or]
 
  root@localhost# ifconfig eth1 up
 
  root@localhost# ifconfig eth1 up
Replace eth1 with your own interface designation/number
+
[Vervang][replace] eth1 [door je eigen netwerkinterface][with the appropriate network interface].
  
 
# '''Debugging'''
 
# '''Debugging'''
 +
[nl]
 +
Wanneer je problemen hebt met de verbinding en er niet achter kunt komen wat het probleem is kun je altijd een van de volgende tools gebruiken:
 +
[/nl]
 +
[en]
 
When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:
 
When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:
 +
[/en]
 +
* Start Network manager in debug [modus][mode].
 
  NetworkManager -DD
 
  NetworkManager -DD
Generates lots of output, usefull though.
+
* [Bekijk de uitvoer van][Look at the output of] wpa_supplicant
 
  wpa_supplicant -i<iface> -c<cfgfile>
 
  wpa_supplicant -i<iface> -c<cfgfile>
Again, output output output
+
* [Controleer de status van de netwerk interfaces][Check the status of the network interfaces]
 
  nm-tool
 
  nm-tool
Displays the status of the NetworkManager managed devices, including wireless devices and extensions.
+
[nl] * Indien je nm-applet in je ubuntu tray vastloopt, kun je hem herstarten met het commando[/nl]
 
+
[en] * When the network applet in your gnome/kde tray dies, you can restart it with the command[/en]
When the network applet in your gnome/kde tray dies, you can re-invoke it via the Run command.. menu:
 
 
  nm-applet
 
  nm-applet
[/en]
 
  
=== '''SuSE 10.1 [en de][and the] KNetworkManager''' ===
+
== SuSE 10.1 [en de][and the] KNetworkManager ==
  
 
# '''[Starten van][Starting the] KNetworkManager'''
 
# '''[Starten van][Starting the] KNetworkManager'''
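Review bot: the added Network Manager settings list "CA certificate: (none) // <leave blank>" on the Wireless Security tab, which switches off validation of the server certificate for PEAP/MSCHAPv2, so the client will attempt the login against any access point that announces the SSID. This contradicts the form instructions earlier on the page and the Ubuntu 10.04 block in this same hunk, which both set a CA certificate; suggest giving the same CA file here. Also in this hunk, the new line ca_cert="/etc/cacert.pem <- [...] never closes its quote, so a reader who pastes the block gets a file wpa_supplicant cannot parse; close the quote after the path and move the remark to a comment line.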
Line 192: Line 260:
  
 
[nl]
 
[nl]
# Als de laptop een tuimelschakelaar heeft om het draadloze netwerk AAN te zetten: zorg dat ie aan staat.
+
# Als de laptop een tuimelschakelaar heeft om het draadloze netwerk AAN te zetten: zorg dat deze aan staat.
 
# Klik op KNetworkManager, kies het draadloze netwerk "Science".
 
# Klik op KNetworkManager, kies het draadloze netwerk "Science".
 
# Meestal staat de versleuteling op "WPA Personal". Verander dat in "WPA Enterprise".
 
# Meestal staat de versleuteling op "WPA Personal". Verander dat in "WPA Enterprise".
 
# Er komt een menu met "Advanced Settings". Zorg dat de EAP-methode op "PEAP" staat.
 
# Er komt een menu met "Advanced Settings". Zorg dat de EAP-methode op "PEAP" staat.
# Tik de FNWI gebruikersnaam als "Identity:" en het Science/FNWI wachtwoord.
+
# Tik de Science gebruikersnaam als "Identity:" en het Science wachtwoord.
 
# Klik op "Connect".
 
# Klik op "Connect".
 
[/nl]
 
[/nl]
Line 204: Line 272:
 
# The default encryption is usually set to "WPA Personal". Change this to "WPA Enterprise".
 
# The default encryption is usually set to "WPA Personal". Change this to "WPA Enterprise".
 
# A menu with Advanced Settings should appear. The "EAP Method" must be "PEAP".
 
# A menu with Advanced Settings should appear. The "EAP Method" must be "PEAP".
# Enter your FNWI username as "Identity:" and your Science/FNWI password.
+
# Enter your Science username as "Identity:" and your Science password.
# Click on "Connect".
+
# Click "Connect".
 
[/en]
 
[/en]
  
Line 216: Line 284:
  
  
# [Stop][Exit] [][the] KNetworkManager [door op "Quit" te klikken][by clicking "Quit"].
+
# [Stop][Exit the] KNetworkManager [door op "Quit" te klikken][by clicking "Quit"].
 
# [Geef het commando:][Give the command:] rm $HOME/.kde/share/config/knetworkmanagerrc
 
# [Geef het commando:][Give the command:] rm $HOME/.kde/share/config/knetworkmanagerrc
 
# [Herstart][Restart the] KNetworkManager [net als hierboven en probeer het opnieuw][as described above, and try again].
 
# [Herstart][Restart the] KNetworkManager [net als hierboven en probeer het opnieuw][as described above, and try again].
  
[[Category:Netwerk]]
+
== Gentoo ==
 +
=== Wpa Supplicant ===
 +
[De][The] wpa_supplicant package:
 +
emerge net-wireless/wpa_supplicant
 +
 
 +
Extra [certificaten van Debian][certificates from Debian]:
 +
emerge app-misc/ca-certificates
 +
 
 +
[Zie ook de][See also the] Gentoo [documentatie][documentation]:
 +
:[http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4 Gentoo Linux Documentation -- Gentoo Network Configuration]
 +
:[http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=4&chap=4 Gentoo Linux Documentation -- Wireless Networking]
 +
 
 +
=== RX Deauthenticated (reason=23) ===
 +
[nl]
 +
Wanneer het verbinden weigert, met in dmesg "RX Deuthenticated (reason=23)", zonder verdere duidelijke reden (23 is een algemene fout in de 802.1X authenticatie), kan het een incompatibiliteit (waar de vinger nog niet op gelegd is) zijn met gnutls of openssl.  In dat geval kun je een interne implementatie gebruiken met USE="-gnutls -ssl".
 +
[/nl]
 +
[en]
 +
When no link can be established, with "RX Deuauthenticated (reason=23)" in dmesg, without any obvious case (23 is a general error somewhere in the 802.1X authentication), it could be of an incompatibility (which is yet to be understood) with gnutls or OpenSSL.  One might try to compile wpa_supplicant without the gnutls and ssl keywords.
 +
[/en]
 +
 
 +
=== NetworkManager, wpa_gui [en][and] wicd ===
 +
[nl]
 +
Voor een gebruiksvriendelijkere ervaring kun je NetworkManager, wpa_gui of wicd gebruiken. Intern roepen NetworkManager, wpa_gui en wicd wpa_supplicant aan.
 +
De
 +
[/nl]
 +
[en]
 +
For a more userfriendly experience one might use NetworkManager, wpa_gui or wicd. NetworkManager, wpa_gui and wicd are front-ends for wpa_supplicant.
 +
The
 +
[/en]
 +
Gnome NetworkManager package:
 +
emerge net-misc/networkmanager
 +
 
 +
[De][The] wicd package:
 +
emerge net-misc/wicd
 +
 
 +
wpa_gui [nl]wordt automatisch bij wpa_supplicant mee-geinstalleerd, en heeft root-rechten nodig om verbinding met wpa_supplicant te maken.[/nl][en]is automatically installed by wpa_supplicant, and needs to be run as root to connect to wpa_supplicant.[/en]
 +
 
 +
NetworkManager homepage:
 +
:[http://projects.gnome.org/NetworkManager/ NetworkManager - Linux Networking made Easy]
 +
 
 +
wicd homepage:
 +
:[http://wicd.net/ wicd - home]
 +
 
 +
wpa_supplicant homepage:
 +
:[http://hostap.epitest.fi/wpa_supplicant/ Linux WPA/WPA2/IEEE 802.1X Supplicant]
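Review bot: in the added "RX Deauthenticated (reason=23)" section the quoted dmesg text is spelled "RX Deuthenticated" in the Dutch paragraph and "RX Deuauthenticated" in the English one, so neither matches the heading or the string a reader will search their log for; use the heading's spelling in both, and "obvious case" in the English paragraph should read "obvious cause". The visible lines also remove [[Category:Netwerk]] without adding it back; if that is not intended, restore it at the end of the page.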

Latest revision as of 13:22, 18 November 2014

Wireless network settings for Linux

Notes from a student for

wpa_supplicant settings

For most Linux distributions you can set up a wireless connection using wpa_supplicant. The following works with Ubuntu-dapper with gnome, with network-manager and wpasupplicant installed (sudo apt-get install wpasupplicant network-manager network-manager-gnome). I assume it also works for KDE, etc.

  1. In the task bar you will see an applet for the network on the right side.
  2. Click on the icon, then the available wireless networks will appear.
  3. Click on 'Science'. You will get a form. Fill in the following fields:

Wireless security: WPA-enterprise
EAP method: PEAP
Key-type: automatic
Identity: (Science username)
Password: (Science password)
CA certificate file: /etc/cacert.pem <- Modify this to the certificate bundle for your own system
  1. You can find the certificate bundle for your distribution here:
    • SUSE: /etc/cacert.pem
    • Ubuntu: /etc/ssl/certs/ca.pem (Also see: #Ubuntu Gutsy Gibbon)
    • Gentoo: /etc/ssl/certs/ca-certificates.crt

  1. Click "Login to network". Wait a moment and the connection will be established. If that doesn't work you can make a file wpa_supplicant.conf with the following content:

ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="Science"
  proto=WPA
  key_mgmt=WPA-EAP
  # PEAP as outer method, MSCHAPv2 inside the tunnel (see phase2)
  eap=PEAP
  pairwise=TKIP
  identity="username"
  password="password"
  # Modify this to the certificate bundle for your own system, see above
  ca_cert="/etc/cacert.pem"
  phase2="auth=MSCHAPV2"
# priority=10
}

  1. Make sure to change 'username' and 'password' to your own username and password (keep the quotes). Move this file to the network script directory:

  • SUSE: /etc/sysconfig/network/wpa_supplicant.conf
  • Ubuntu: /etc/network/wpa_supplicant.conf
  • Gentoo: /etc/wpa_supplicant/wpa_supplicant.conf

Add the next line to your ifcfg file for your wireless interface. (Don't forget to modify the path for your own distribution).

WIRELESS_WPA_CONF='/etc/sysconfig/network/wpa_supplicant.conf'
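
The following added example (not part of the original page) audits a wpa_supplicant.conf like the one above for settings that weaken 802.1X authentication: no CA or server-name check, WPA1/TKIP only, a clear-text password, and a quoted value that is never closed. The two sample files, the finding codes and the name radius.example.org are constructed for illustration.

```python
"""Audit wpa_supplicant network blocks for weak 802.1X settings (added example)."""

NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "altsubject_match", "subject_match")

# Constructed sample: this page's settings, with an unclosed ca_cert quote.
WEAK_CONF = '''\
ctrl_interface=/var/run/wpa_supplicant
network={
  ssid="Science"
  proto=WPA
  key_mgmt=WPA-EAP
  eap=PEAP
  pairwise=TKIP
  identity="username"
  password="password"
  ca_cert="/etc/cacert.pem <- change this
  phase2="auth=MSCHAPV2"
}
'''

# Constructed sample with placeholders (radius.example.org, hash digits).
HARDENED_CONF = '''\
network={
  ssid="Science"
  proto=RSN
  key_mgmt=WPA-EAP
  eap=PEAP
  pairwise=CCMP
  identity="username"
  password=hash:0123456789abcdef0123456789abcdef
  ca_cert="/etc/ssl/certs/ca-certificates.crt"  # distribution bundle
  domain_suffix_match="radius.example.org"
  phase2="auth=MSCHAPV2"
}
'''


def parse_networks(text):
    """Return (networks, problems): one dict per network={} block, and
    (line number, message) pairs for values that cannot be parsed."""
    networks, problems, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            if value.startswith('"'):
                end = value.rfind('"')
                if end == 0:  # only the opening quote is present
                    problems.append((lineno, key + ": quoted value is never closed"))
                    continue
                value = value[:end + 1]  # keep quotes, drop a trailing comment
            else:
                value = value.split("#", 1)[0].strip()
            current[key] = value
    return networks, problems


def audit_network(net):
    """Return (code, message) findings for one 802.1X network block."""
    if "eap" not in net and "EAP" not in net.get("key_mgmt", ""):
        return []  # not an EAP network; these checks do not apply
    found = []
    if "ca_cert" not in net and "ca_path" not in net:
        found.append(("no-ca", "server certificate is not verified; set ca_cert"))
    elif not any(key in net for key in NAME_CHECKS):
        found.append(("no-server-name", "any certificate from a trusted CA is "
                      "accepted; add domain_suffix_match"))
    # Defaults when the option is absent: proto "WPA RSN", pairwise "CCMP TKIP".
    if not set(net.get("proto", "WPA RSN").split()) & {"RSN", "WPA2"}:
        found.append(("wpa1-only", "proto allows WPA only; add RSN if offered"))
    if set(net.get("pairwise", "CCMP TKIP").split()) == {"TKIP"}:
        found.append(("tkip-only", "pairwise allows TKIP only; add CCMP if offered"))
    if "password" in net and not net["password"].startswith("hash:"):
        found.append(("plaintext-password", "clear-text password; keep the file "
                      "root-only (chmod 600) or use password=hash:<NtPasswordHash>"))
    return found


def audit_config(text):
    """Audit every network block of a wpa_supplicant.conf passed as text."""
    networks, problems = parse_networks(text)
    report = [("parse-error", "line %d: %s" % p) for p in problems]
    for net in networks:
        ssid = net.get("ssid", "?").strip('"')
        report += [(code, ssid + ": " + msg) for code, msg in audit_network(net)]
    return report


if __name__ == "__main__":
    for code, message in audit_config(WEAK_CONF):
        print("%-18s %s" % (code, message))
```

To audit a real file, pass its contents to audit_config(); the script only reads text and never prints the password value.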

Network Manager settings

If your distribution supports the new Network Manager, you can connect to the Science network with the following settings:

General settings

Connection name: RU Science
Connect Automatically: Mark/yes
System setting: Unmark/no

Wireless tab:

SSID: Science   // Note the capital S
Mode: Infrastructure
BSSID: <leave blank>
MAC address: <leave blank>
MTU: automatic

Wireless Security tab:

Security: WPA & WPA2 Enterprise
Authentication: Protected EAP (PEAP)
Anonymous identity: <leave blank>
CA certificate: (none) // <leave blank>
PEAP version: Version 0
Inner authentication: MSCHAPv2
Username: <your-science-login>
Password: <your-science-password> // or leave blank to ask each time at connecting

IPv4 settings tab:

Method: Automatic (DHCP)
DHCP client ID: <leave blank>

Wireless@RU

Network manager also supports the Wireless@RU network. Use the same settings as for the 'Science' network, but change:

Connection name: Wireless@RU
SSID: ru-wlan // No capitals
Username: <Student/Employee number> // eg: s0123456 or u123456
Password: <RU-account password> // or leave blank to ask each time at connecting

Distributions specifics

Ubuntu 10.04 (Lucid Lynx)

This tutorial is for Ubuntu 10.04 (Lucid Lynx) but might also be applicable for other distributions using the NetworkManager. Click the networkmanager applet and select ru-wlan (or Science) to make the initial connection. Or, if you have already connected previously, right click the networkmanager applet, select Edit Connections, go to Wireless and select "Auto ru-wlan" or "Auto Science", then click Edit. In the pop-up window, go to Wireless Security and fill in the following:

Wireless Security

Security: WPA & WPA2 Enterprise
Authentication: Tunneled TLS
Anonymous identity: <leave empty>
CA certificate: /etc/ssl/certs/AddTrust_External_Root.pem
Inner authentication: MSCHAPv2
Username: Your student number or personnel number (for example: s0123456) (or your Science username)
Password: Your RU account password (or your Science password)

After this the WLAN should connect automatically. If there are any difficulties, more information can usually be gathered using the command "tail -f /var/log/syslog".

Arch Linux

Create a netctl profile "eduroam" in "/etc/netctl", with the following content:

Description='Eduroam (RU, Nijmegen)'
Interface=wls3                                # check your interface name with `ip link`
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'pairwise=CCMP TKIP'
    'anonymous_identity="anonymous@science.ru.nl"'
    'identity="SCIENCE_USER@science.ru.nl"'   # change this
    'password="YOUR_SECRET"'                  # change this
    'ca_path="/etc/ssl/certs/"'
    'ca_path2="/etc/ssl/certs/"'
    'phase2="auth=MSCHAPV2"'
)

You can start the profile with "netctl start eduroam". If you want, you can create a systemd service for it. See the archwiki: https://wiki.archlinux.org/index.php/Netctl#Automatic_operation

Ubuntu Gutsy Gibbon

Check that network-manager and wpasupplicant are installed. (If not: sudo apt-get install wpasupplicant network-manager network-manager-gnome)

  1. When downloading a certificate, store it in /usr/share/ca-certificates/<subdir>/<pem-file>
  2. Then make a symlink in /etc/ssl/certs

cd /etc/ssl/certs
sudo ln -s /usr/share/ca-certificates/<subdir>/<pem-file>

  3. The /etc/ssl/certs directory also contains hashes of the pem files linked to (for quicker access). These hashes link to the pem files. Use this command to update all hashes, for example when you added a new pem file or deleted the hashes:

sudo c_rehash ./


To test whether everything is working correctly, execute wpa_supplicant manually:

/sbin/wpa_supplicant -i<interface> -c<configfile>

for example:

/sbin/wpa_supplicant -ieth1 -c/etc/network/wpa_supplicant.conf

This generates a large amount of output; terminate the program in time with CTRL-C to keep things readable. The output will most likely contain useful hints about the problem. When the output tells you that a certain certificate cannot be verified, you are most likely missing a certificate or an intermediate certificate. First, check that you have the following certificates:

AddTrust External CA Root
UTN-USERFirst-Hardware
TERENA SSL CA

You should already have the last two; the first one can be found here:

http://secure.globalsign.net/cacert/sureserverEDU.crt or
http://secure.globalsign.net/cacert/sureserverEDU.pem or
https://secure.globalsign.net/cacert/educational.crt

  4. Making a connection:

ifup eth1

or

root@localhost# ifconfig eth1 up

Replace eth1 with the appropriate network interface.

  5. Debugging

When you are having trouble with the Science wireless connection you can use the following tools/commands to retrieve additional information which could help you:

  • Start NetworkManager in debug mode.
NetworkManager -DD
  • Look at the output of wpa_supplicant
wpa_supplicant -i<iface> -c<cfgfile>
  • Check the status of the network interfaces
nm-tool

  • When the network applet in your GNOME/KDE tray dies, you can restart it with the command

nm-applet

SuSE 10.1 and the KNetworkManager

  1. Starting the KNetworkManager

If the KNetworkManager is not present as an Applet in the Panel it can be started by clicking "System -> Desktop Applet -> knetworkmanager (Networking Tool)" or by typing the command "knetworkmanager". If the "KNetworkManager" is not available install it with "System -> YaST (Control Center) - software management".

  2. Starting the wireless network

  1. Make sure the wireless switch on the laptop is ON.
  2. Click on KNetworkManager and choose the Wireless Network "Science".
  3. The default encryption is usually set to "WPA Personal". Change this to "WPA Enterprise".
  4. A menu with Advanced Settings should appear. The "EAP Method" must be "PEAP".
  5. Enter your Science username as "Identity:" and your Science password.
  6. Click "Connect".

If something goes wrong, perhaps because of a typo in the password or the wrong selection of the encryption, one may not get the opportunity to correct it because the second time one clicks on the KNetworkManager the menu may not appear and the wrong settings are used again. There may be an elegant solution to this problem that I don't know about, but this work-around might be useful:


  1. Exit the KNetworkManager by clicking "Quit".
  2. Give the command: rm $HOME/.kde/share/config/knetworkmanagerrc
  3. Restart the KNetworkManager as described above, and try again.

Gentoo

Wpa Supplicant

The wpa_supplicant package:

emerge net-wireless/wpa_supplicant

Extra certificates from Debian:

emerge app-misc/ca-certificates

See also the Gentoo documentation:

Gentoo Linux Documentation -- Gentoo Network Configuration
Gentoo Linux Documentation -- Wireless Networking

RX Deauthenticated (reason=23)

When no link can be established and dmesg shows "RX Deauthenticated (reason=23)" without any obvious cause (23 is a general error somewhere in the 802.1X authentication), it could be caused by an incompatibility (which is yet to be understood) with gnutls or OpenSSL. One might try to compile wpa_supplicant without the gnutls and ssl USE flags.

NetworkManager, wpa_gui and wicd

For a more user-friendly experience one might use NetworkManager, wpa_gui or wicd. NetworkManager, wpa_gui and wicd are front-ends for wpa_supplicant. The Gnome NetworkManager package:

emerge net-misc/networkmanager

The wicd package:

emerge net-misc/wicd

wpa_gui is automatically installed by wpa_supplicant, and needs to be run as root to connect to wpa_supplicant.

NetworkManager homepage:

NetworkManager - Linux Networking made Easy

wicd homepage:

wicd - home

wpa_supplicant homepage:

Linux WPA/WPA2/IEEE 802.1X Supplicant